Kafka with SASL_PLAINTEXT authentication

Question

I'm using the following docker-compose configuration:

  app-zookeeper:
    image: wurstmeister/zookeeper
    container_name: app-zookeeper
    ports:
      - 2181:2181

  app-kafka:
    build: ../images/kafka
    container_name: app-kafka
    ports:
      - 9092:9092
    environment:
      KAFKA_ADVERTISED_HOST_NAME: ${DOCKER_LOCAL_HOST}
      KAFKA_ADVERTISED_PORT: 9092
      KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://:9092
      KAFKA_LISTENERS: SASL_PLAINTEXT://:9092
      KAFKA_ZOOKEEPER_CONNECT: app-zookeepr:2181
      KAFKA_DELETE_TOPIC_ENBALE: "true"
      KAFKA_SASL_ENABLED_MECHANISMS: SCRAM-SHA-512
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: SCRAM-SHA-512
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_PLAINTEXT
      CUSTOM_INIT_SCRIPT: "export KAFKA_OPTS=-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

File kafka_server_jaas.conf:

KafkaServer {
  org.apache.kafka.common.security.scram.ScramLoginModule required
  username="admin"
  password="admin123";
};

On images/kafka I have a DockerFile:

FROM wurstmeister/kafka

# Authentication
COPY kafka_server_jaas.conf /opt/kafka/config/

# Define env vars for authentication
ENV CUSTOM_INIT_SCRIPT="export KAFKA_OPTS=-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"
ENV KAFKA_OPTS="-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf"

# create user
RUN kafka-configs.sh --zookeeper <DOCKER_LOCAL_HOST>:2181 --alter --add-config='SCRAM-SHA-512=[password="admin123"]' --entity-type users --entity-name admin

# List users
RUN kafka-configs.sh --zookeeper <DOCKER_LOCAL_HOST>:2181 --describe --entity-type users

Then I start the zookeeper container and kafka containers:

On kafka container I got this error, and I am not able to connect.

ERROR [Controller id=1001, targetBrokerId=1001] Connection to node 1001 failed authentication due to: Authentication failed due to invalid credentials with SASL mechanism SCRAM-SHA-512 (org.apache.kafka.clients.NetworkClient)

on the kafka container: I have the env var KAFKA_OPTS defined

KAFKA_OPTS=-Djava.security.auth.login.config=/opt/kafka/config/kafka_server_jaas.conf

Any clue?

Moving from answer to comment https://github.com/confluentinc/cp-docker-images/blob/5.0.0-post/examples/kafka-cluster-sasl/docker-compose.yml — OneCricketeer, Sep 24 '18 at 04:42

Kafka with SASL_PLAINTEXT authentication

0 Answers0